Script to update Windows Recovery Environment to patch against CVE-2022-41099. He has published a script to install it and writes: Mark Berry left this commentand points out that Susan Bradley AskWoody newsletter from in January 2023 points to the GitHub page Update Windows RE – CVE-2022-4109 by Brandon Halsey. So you need to use DISM to verify, that the patch has been applied. If you add a DU package, use DISM /get-packages as described in the steps above to ensure that the package has been added to the image. Note: The WinRE version number will only change after you add an LCU. German blog reader MOM20xx pointed out the following hint from Microsoft: I'll pass this question on to the readership. Would be interesting for me if someone has success with this (ideally Windows 10 21H2 so that the comparison also fits). Only little has changed:Įither the Safe OS Dynamic updates don't really work, or I'm doing something wrong. I still tried to install KB5021043 into a mounted WinRE image yesterday, which supposedly worked. I'm going to say that the whole thing doesn't work that well, unless I did something wrong. Now I have a Windows 10 21H2 with unpatched WinRE and KB5021043 is reported as "not applicable" to WSUS. I've added the product to WSUS, synced, deleted everything that is not needed and approved the rest. In principle, this only needs to be downloaded and should then be able to be installed. In the supplement marked as important, Microsoft writes that a dynamic update is available for download in the Microsoft Update Catalog. You can download the latest Windows Safe OS Dynamic Update from the Microsoft Update Catalog. IMPORTANT: End users and enterprises who are updating Windows devices which are already deployed in their environment can instead use the latest Windows Safe OS Dynamic Updates to update WinRE when the partition is too small to install the full Windows update. For more information about how to apply the WinRE update, see Add an update package to Windows RE. You must apply the applicable Windows security update to your Windows Recovery Environment (WinRE). The following important addition has been added.Īre there additional steps that I need to take to be protected from this vulnerability? contacted me again by mail, and pointed out that Microsoft has updated its FAQ at BitLocker Security Feature Bypass Vulnerability CVE-2022-41099. Readers' commentsĪustrian blog reader Markus K. On the other hand, readers report problems with the update. The update in question has to be installed manually – which might be too much for many users. Important: For Windows Recovery Environment (WinRE) devices, see the Special instructions for Windows Recovery Environment (WinRE) devices in the How to get this update section to address security vulnerabilities in CVE-2022-41099. Microsoft had addressed the issue again in January 2023 in security update KB5022282 with the following text. It has been known since November 2022 that there is a Bitlocker bypass vulnerability CVE-2022-41099 in the Windows Recovery Environment (WinRE). I had already addressed it in the blog post Windows 10: Be aware of WinRE WinRE patch to fix Bitlocker bypass vulnerability CVE-2022-41099.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |